McAfee Labs Endpoint Exploit Prevention team is looking for self-motivated & passionate security researcher!! 😒
Required Skills:
* In-depth understanding of OS internals. (primarily Windows. Experience with Linux Internals is plus)
* Experience with C/C++ and Windows API, API Hooking Techniques.
* Very Strong reverse engineering and debugging skills.
* Experience with vulnerability research and malware analysis. Good understanding of different vulnerabilities like Buffer Overflow, Integer Overflow, Dangling Pointers, different exploitation techniques & different mitigation bypass techniques etc.
* Understanding of x86-x64 Assembly.
* Experience with IDA or equivalent disassembly tools.
* Experience with OllyDbg and WinDbg; or equivalent debuggers.
* Experience with MITRE ATTACK Framework.
* Development experience in noscripting languages such as Python, perl, etc is plus.
* Candidate must have good verbal and written communication skills.
for more info:
https://www.linkedin.com/feed/update/urn:li:activity:6446055276524212224

Breaking The Facebook For Android Application
https://ash-king.co.uk/facebook-bug-bounty-09-18.html

Fallout Exploit Kit Pushing the SAVEfiles Ransomware
https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-pushing-the-savefiles-ransomware/

Last week the Fallout Exploit kit was distributing the GandCrab ransomware. This week, it has started to distribute a new ransomware called SAVEfiles, for lack of a better name, through malvertising campaigns. [...]

EternalBlue Infections Persist
https://www.darkreading.com/analytics/eternalblue-infections-persist/d/d-id/1332820?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.

A Russian man who operates Kelihos Botnet Pleads in U.S. Federal Court to Fraud, Conspiracy, Computer Crime and Identity Theft Offenses. Peter Levashov operated the botnet for decades to facilitate the malicious activities such as credentials harvesting, bulk spam e-mails, Delivering ransomware and other malware’s. U.S. Attorney Durham said, “Mr. Levashov used the Kelihos botnet […]
The post Russian Hacker Who Operated Kelihos Botnet Pleads Guilty in US Federal Court (https://gbhackers.com/russian-hacker-kelihos-botnet/) appeared first on GBHackers On Security (https://gbhackers.com/).

2 Billion Bluetooth Devices are Still Vulnerable to Dangerous BlueBorne Attack After 1 Year
https://gbhackers.com/blueborne-attack/

Wasabi A framework for dynamic analysis of WebAssembly programs
http://wasabi.software-lab.org/

looking for android malware (miner)
send for me @moonshaker

Privilege Escalation & Post-Exploitation
https://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/

A Microsoft Zero-day vulnerability that existing in Microsoft JET Database Engine has been crossed zero-day Initiative (ZDI) 120 days disclosure deadline and now it released in public. ZDI initially reported this zero-day flow to Microsoft on May 8, 2018, since then Microsoft acknowledged the vulnerability and started working on it to provide the patch for […]
The post ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline (https://gbhackers.com/zdi-opened-microsoft-zero-day/) appeared first on GBHackers On Security (https://gbhackers.com/).

3000 Hacked Websites Access comes to Sale in Russian Underground Dark Web Marketplace
https://gbhackers.com/hacked-websites/

Retail Sector Second-Worst Performer on Application Security
https://www.darkreading.com/application-security/retail-sector-second-worst-performer-on-application-security/d/d-id/1332860?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.